Breaking PHP internals

A vulnerable application allows an attacker to load arbitraty PHP classes by sending out specially crafted requested.
Exploiting PHP autoloader we can turn it into a Local File Inclusion.

Manually craft blind SQL injections

How to leverage search results to exfiltrate database information using a blind SQL injection.

Searching for XSS found LDAP injection

5th Jun 2018

While searching for bugs on target website, I decided to check if it was vulnerable to blind XSS.
It turns out that the system was vulnerable to LDAP injection.

CSRF token steal in Joomla

In this post we will see how you can bypass upload filters in Joomla and deliver a payload to steal victim session token.
With a little of effort, it's possible to trick a Super User to visit a malicious page and force him to create a new Super User for us.

Weaponize Oracle Weblogic Server POC (CVE-2018-2628)

26th Apr 2018

On April 18th 2018, a Remote Command Execution vulnerability has been discosled in Oracle Weblogic Server.
At the time of this writing, there are a couple of Proof Of Concept out there, let's see how we can improve them and pop a remote shell an the victim machine.